I have finally lost it with Drupal. For 15 years it’s been my go-to technology for pulling a website out of my ass. It can be up and running on the domain of your choice in a range of pretty colours in less than 15 minutes. You need a website to prank someone when they get home but they’ve already entered the building? Drupal’s your friend. You need a newspaper for vampires that will be DDoSed by the Alaskan branch of an obscure cult? Drupal is your friend (RIP Ravenblack Grimoire) You need a professional-looking website for your latest business venture? Drupal is your friend (shameless plug for Newcut Studios)

Except it’s not any more. I am the lazy kind of website admin that sets up a site, basks in the glory of people thinking you are some kind of genius then wanders off to play with something shiny. This worked fine for years. I’d occasionally check up on these sites and, for the most part, they just looked after themselves. Not any more. About a year back the Newcut Studios site was pwned through a dodgy image picker plugin. I tidied it up and moved on. This became a regular occurrence. Despite (for the most part) keeping everything up-to-date the bastards kept finding a way in.

A few weeks ago the Newcut Studios was once again riddled with malware through yet another plugin vulnerabilty. So when people went looking for our lovely little studio they’d be redirected to the dodgiest of Russian gambling sites. I removed four different kinds of malware then went to make a coffee. By the time I got back 5 minutes later there were 5 new infestations (I’d missed one vector when patching up all the holes). You’d think this would be the last straw, but it wasn’t.

The last straw came the Friday just gone. I was dressed all in black and just about to go out the door to the funeral of a close friend when I thought I’d best check my emails (work blah blah). There were 1107 unread messages in my Inbox, all relating to this site (mattinn.es). I’ll put a selection of them here, suitably anonymised.

I did NOT sign up for your website. Please do not process anything with my name attached, and delete anything that you have already set up. Apparently, my email has been hacked.

I did not register at mattinn. Please take me off your email list!

Please do not send any more emails to this account.

Questo indirizzo di posta verrà disattivato a breve! Vogliate contattarci al nostro nuovo indirizzo

There is a security update available for your version of Drupal. To ensure the security of your server, you should update immediately!

Oh thanks for the warning Drupal! Would have been nice if it had arrived before I’d spammed over a thousand people. Actually it was quite a few more than that. I was on my way to a funeral for fuck’s sake. The funeral was followed by a wake that lasted more than 12 hours (I lost count after that). It was the best part of 36 hours before I was able to take the site down. Suffice it to say, I was not the most popular person on the internet that day. Luckily Elon Musk was smoking weed in public so it didn’t top the newsfeeds.

So to cut a long story slightly shorter, I’ve finally given up on Drupal. About 5 years ago a friend and erstwhile colleague of mine, Greg Beech, advised me to give up on Drupal and build a static site, like in the old days. I laughed politely and kept ramming plugins into my Drupal. He was right. Finally now that my Drupal is bleeding and battered from all the abuse, I have a new friend: Jekyll. Jekyll just makes HTML for your website so no moving parts. No arriving home to find Turkish hackers have replaced your site with messages supporting the Albanians in Kosovo. With a name like that, what could possibly go wrong?